Date: Thu, 16 Jan 2014 09:39:28 -0600 [10:39:28 EST]Attached is a file SFHJRQY9PSXBSK334.zip which in turn contains a malicious executable SF.EXE which has an icon that makes it look like a PDF file. This file has a very low detection rate at VirusTotal of 2/48. The Malwr analysis shows an attempted connection to centrum.co.id on 75.98.233.44 (Ceranet, US). This is the only site on that server, blocking either the IP or domain might be useful.
From: "support@salesforce.com" [support@salesforce.com]
Subject: ACTION REQUIRED: A document has arrived for your review/approval (Document Flow Manager)
Priority: High Priority 2
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
Record ID: HJRQY9PSXBSK334
Supplier: http://[victimdomain.com]
Invoice No.: 5644366804
Document No.: 3319683775
Invoice amount: USD 0488.21
Rejection reason(s): Approval Required
Please find enclosed a record of invoice that could not be processed. We would like to ask you to assist us in resolving the noted rejection reasons.
Thursday, 16 January 2014
"ACTION REQUIRED: A document has arrived for your review/approval (Document Flow Manager)" spam
This spam with a lengthy subject has a malicious attachment:
Labels:
EXE-in-ZIP,
Malware,
Spam,
Viruses
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment